Another machine, another problem

**drongo** · 06.02.2008, 19:11

Especially your avz's logs. What or who does told you make them manually ?
Read rules again, if you can't understand simple english, read rules in russian . I can't help you with it, i am deeply sorry.

**hyanghe** · 06.02.2008, 19:46

Drongo,

The process for me is download AVZ on the disk, extract, extract, update,send to zip.

Then I extract AVZ files on the infected machine, run scripts as advised in the rules section,
then I save the log files on the disk as I cannot save them on the disk in the zip format.

I tried a number of times but the only work-around I found is open the file and save it as.
Sorry I haven't got the better solution

**drongo** · 06.02.2008, 19:55

You don't need to save them in any way,zip files will be created automatically by AVZ itself in avz folder, after you will follow our rules.
see steps 8, 10

**hyanghe** · 06.02.2008, 20:05

Drongo,

Indeed they are but I need to upload them somehow, right?

And I cannot do so as ie is not working so I need to save them on the memory stick and that is the only way I could do it

**drongo** · 06.02.2008, 20:25

ok, what about firefox ? it is better browser in my opinion

Very strange stick memory that accept only ~txt, did you try to format it?
You can change file association of the "zip" file to the "txt" , and on the computer where you have an internet, change file back to the "zip". Then upload zip to your post.

**hyanghe** · 06.02.2008, 20:39

here were are,

these are the results of the yesterday scan after running fixed checked in hiJackthis

**hyanghe** · 06.02.2008, 20:41

Drongo,

I don't have it intalled, I don't think it is a problem with a memory stick I think it is a problem with an infected machine

Anyway have a good evening and I, sincerely hope these are the ones you are after

**drongo** · 06.02.2008, 20:58

Or there some system bugs, or some viruses, or both

We need to check some files to figure it out.
In order to do that, please do exactly as we say to you, not like you want to. If you can't do something, explain why in the topic. We can't read your mind

On the infected computer ( from where you did these logs ) execute the following script in avz :

Код:

begin
 SearchRootkit(true, true);
 SetAVZGuardStatus(True);
 QuarantineFile('C:\WINDOWS\system32\ie4uinit.exe','');
 QuarantineFile('C:\WINDOWS\system32\advpack.dll','');
 QuarantineFile('C:\WINDOWS\system32\IEDKCS32.DLL','');
 QuarantineFile('C:\WINDOWS\system32\schannel.dll','');
 QuarantineFile('C:\WINDOWS\system32\webcheck.dll','');
 QuarantineFile('C:\WINDOWS\system32\shell32.dll','');
 QuarantineFile('C:\WINDOWS\system32\iedkcs32.dll','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\RDPWD.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\smwdm.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\update.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\tcpip.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\srv.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\secdrv.sys','');
 QuarantineFile('C:\WINDOWS\system32\Drivers\Ntfs.sys','');
 QuarantineFile('C:\WINDOWS\system32\ntoskrnl.exe','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\fw.sys','');
 QuarantineFile('C:\WINDOWS\System32\Drivers\dump_KR10I.sys','');
 QuarantineFile('c:\windows\explorer.exe','');
 BC_ImportAll;
 BC_Activate;
 RebootWindows(true);
end.

Your system will reboot.
Then upload all quarantined files according to appendix #3 of Rules.
Your link is : http://virusinfo.info/upload_virus_eng.php?tid=17243
P.S. If you haven't Internet on this computer, use your magic like you did before

A question to you : on this computer i see McAfee - is there only antivirus or firewall too ?

**hyanghe** · 07.02.2008, 01:32

Hi Drongo,

both, but it might not be working - we have experienced some problems.

I'll run your scirpt first thing in the morning.

see ya

**drongo** · 07.02.2008, 16:53

Next time, make sure, that archive are password protected before sending us.
Well, i don't see any suspicious file in your archive. I think is more a system malfunction problem, than a virus.
Try to execute this script in avz :

Код:

begin
ExecuteRepair(8);
RebootWindows(true);
end.

I understand that you did upgrade to IE 7 , you can try to downgrade to IE6.
Moreover, if you have an windows cd - will be good idea to check files like here : http://www.networkclue.com/os/Windows/commands/sfc.aspx

**hyanghe** · 07.02.2008, 21:13

Hi Drongo,

i've installed firefox and it works perfectly.

IE doesn't work, also the start line is missing.

I am more than happy to do the full scan again - can you please advise.

thank you

P.S. no pop-up and security warnings this time while using Firefox

**drongo** · 07.02.2008, 23:59

Happy for you

Still, did you try go to the control panel, add/remove programes and uninstall IE 7 ? Then reboot your computer.
Just do it, like in commercial

The next step is described on the http://windowsxp.mvps.org/IEFIX.htm

**hyanghe** · 08.02.2008, 01:11

Good evening/morning

I tried to do it already but was unable to find IE7 in the Add/Remove programs.

I will double check tomorrow if not can I do it via registry?

Cheers

**drongo** · 08.02.2008, 18:19

http://internetducttape.com/2006/11/...install-guide/

Another machine, another problem

Опции темы

Похожие темы

Учетная запись,ASP NET Machine A.....?

virus problem and restore problem

My Windows XP Pro machine was infected

slow machine

machine lock up after running a while

Ваши права в разделе